[postponed] inotify issue 515 (fix: inotify_init has no syscall arguments but we send one param) #1382

Closed
9 changes: 0 additions & 9 deletions driver/bpf/fillers.h
Expand Up @@ -3470,15 +3470,6 @@ FILLER(sys_io_uring_register_x, true)
return bpf_push_u32_to_ring(data, nr_args);
}

FILLER(sys_inotify_init_e, true)
{
/* Parameter 1: flags (type: PT_FLAGS8) */
/* We have nothing to extract from the kernel here so we send `0`.
* This is done to preserve the `PPME_SYSCALL_INOTIFY_INIT_E` event with 1 param.
*/
return bpf_push_u8_to_ring(data, 0);
}

FILLER(sys_inotify_init1_x, true)
{
/* Parameter 1: res (type: PT_ERRNO) */
2 changes: 1 addition & 1 deletion driver/event_table.c
Expand Up @@ -187,7 +187,7 @@ const struct ppm_event_info g_event_info[] = {
[PPME_SYSCALL_NANOSLEEP_X] = {"nanosleep", EC_SLEEP | EC_SYSCALL, EF_WAITS, 1, {{"res", PT_ERRNO, PF_DEC} } },
[PPME_SYSCALL_TIMERFD_CREATE_E] = {"timerfd_create", EC_TIME | EC_SYSCALL, EF_CREATES_FD | EF_MODIFIES_STATE, 2, {{"clockid", PT_UINT8, PF_DEC}, {"flags", PT_FLAGS8, PF_HEX} } },
[PPME_SYSCALL_TIMERFD_CREATE_X] = {"timerfd_create", EC_TIME | EC_SYSCALL, EF_CREATES_FD | EF_MODIFIES_STATE, 1, {{"res", PT_FD, PF_DEC} } },
[PPME_SYSCALL_INOTIFY_INIT_E] = {"inotify_init", EC_IPC | EC_SYSCALL, EF_CREATES_FD | EF_MODIFIES_STATE, 1, {{"flags", PT_FLAGS8, PF_HEX} } },
[PPME_SYSCALL_INOTIFY_INIT_E] = {"inotify_init", EC_IPC | EC_SYSCALL, EF_CREATES_FD | EF_MODIFIES_STATE, 0},
[PPME_SYSCALL_INOTIFY_INIT_X] = {"inotify_init", EC_IPC | EC_SYSCALL, EF_CREATES_FD | EF_MODIFIES_STATE, 1, {{"res", PT_FD, PF_DEC} } },
[PPME_SYSCALL_GETRLIMIT_E] = {"getrlimit", EC_PROCESS | EC_SYSCALL, EF_NONE, 1, {{"resource", PT_ENUMFLAGS8, PF_DEC, rlimit_resources} } },
[PPME_SYSCALL_GETRLIMIT_X] = {"getrlimit", EC_PROCESS | EC_SYSCALL, EF_NONE, 3, {{"res", PT_ERRNO, PF_DEC}, {"cur", PT_INT64, PF_DEC}, {"max", PT_INT64, PF_DEC} } },
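Review bot: The `PPME_SYSCALL_INOTIFY_INIT_E` entry drops from one parameter to zero without a comment recording why, and nothing on this page shows an event schema version bump accompanying it. Drivers and capture files produced before this change still carry one `flags` byte for this event, so a consumer reading them against the new table sees a parameter count that disagrees with the recorded event. Whether the parser tolerates that mismatch cannot be told from this hunk and should be confirmed before merging. I would add a comment above the entry such as `/* inotify_init(2) takes no arguments; events written before this change carry one PT_FLAGS8 param that the drivers always set to 0 */` and bump the schema version in the same commit.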
2 changes: 1 addition & 1 deletion driver/fillers_table.c
Expand Up @@ -141,7 +141,7 @@ const struct ppm_event_entry g_ppm_events[PPM_EVENT_MAX] = {
[PPME_SYSCALL_NANOSLEEP_X] = {FILLER_REF(sys_single_x)},
[PPME_SYSCALL_TIMERFD_CREATE_E] = {FILLER_REF(sys_autofill), 2, APT_REG, {{AF_ID_USEDEFAULT, 0}, {AF_ID_USEDEFAULT, 0} } },
[PPME_SYSCALL_TIMERFD_CREATE_X] = {FILLER_REF(sys_single_x)},
[PPME_SYSCALL_INOTIFY_INIT_E] = {FILLER_REF(sys_inotify_init_e)},
[PPME_SYSCALL_INOTIFY_INIT_E] = {FILLER_REF(sys_empty)},
[PPME_SYSCALL_INOTIFY_INIT_X] = {FILLER_REF(sys_single_x)},
[PPME_SYSCALL_GETRLIMIT_E] = {FILLER_REF(sys_getrlimit_setrlimit_e)},
[PPME_SYSCALL_GETRLIMIT_X] = {FILLER_REF(sys_getrlimit_setrlrimit_x)},
2 changes: 1 addition & 1 deletion driver/modern_bpf/definitions/events_dimensions.h
Expand Up @@ -66,7 +66,7 @@
#define RMDIR_E_SIZE HEADER_LEN
#define EVENTFD_E_SIZE HEADER_LEN + sizeof(uint64_t) + sizeof(uint32_t) + PARAM_LEN * 2
#define EVENTFD_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN
#define INOTIFY_INIT_E_SIZE HEADER_LEN + sizeof(uint8_t) + PARAM_LEN
#define INOTIFY_INIT_E_SIZE HEADER_LEN
#define INOTIFY_INIT_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN
#define TIMERFD_CREATE_E_SIZE HEADER_LEN + sizeof(uint8_t) * 2 + PARAM_LEN * 2
#define TIMERFD_CREATE_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN
Expand Up @@ -24,12 +24,7 @@ int BPF_PROG(inotify_init_e,

/*=============================== COLLECT PARAMETERS ===========================*/

/* Parameter 1: flags (type: PT_FLAGS8) */
/* We have nothing to extract from the kernel here so we send `0`.
* This is done to preserve the `PPME_SYSCALL_INOTIFY_INIT_E` event with 1 param.
*/
u8 flags = 0;
ringbuf__store_u8(&ringbuf, flags);
// Here we have no parameters to collect.

/*=============================== COLLECT PARAMETERS ===========================*/

12 changes: 0 additions & 12 deletions driver/ppm_fillers.c
Expand Up @@ -5489,18 +5489,6 @@ int f_sys_io_uring_register_x (struct event_filler_arguments *args)
return add_sentinel(args);
}

int f_sys_inotify_init_e(struct event_filler_arguments *args)
{
/* Parameter 1: flags (type: PT_FLAGS8) */
/* We have nothing to extract from the kernel here so we send `0`.
* This is done to preserve the `PPME_SYSCALL_INOTIFY_INIT_E` event with 1 param.
*/
int res = val_to_ring(args, 0, 0, true, 0);
CHECK_RES(res);

return add_sentinel(args);
}

int f_sys_inotify_init1_x(struct event_filler_arguments *args)
{
int res = 0;
1 change: 0 additions & 1 deletion driver/ppm_fillers.h
Expand Up @@ -171,7 +171,6 @@ or GPL2.txt for full copies of the license.
FN(sys_umount2_e) \
FN(sys_umount2_x) \
FN(sys_pipe2_x) \
FN(sys_inotify_init_e) \
FN(sys_inotify_init1_x) \
FN(sys_eventfd2_e) \
FN(sys_eventfd2_x) \
Expand Up @@ -31,11 +31,10 @@ TEST(SyscallEnter, inotify_initE)

/*=============================== ASSERT PARAMETERS ===========================*/

/* Parameter 1: flags (type: PT_FLAGS8) */
evt_test->assert_numeric_param(1, (uint8_t)0);
// Here we have no parameters to assert.

/*=============================== ASSERT PARAMETERS ===========================*/

evt_test->assert_num_params_pushed(1);
evt_test->assert_num_params_pushed(0);
}
#endif
4 changes: 2 additions & 2 deletions userspace/libsinsp/test/events_file.ut.cpp
Expand Up @@ -190,7 +190,7 @@ TEST_F(sinsp_with_test_input, creates_fd_generic)
ASSERT_EQ(get_field_as_string(evt, "fd.num"), "6");

fd = 7;
add_event_advance_ts(increasing_ts(), 1, PPME_SYSCALL_INOTIFY_INIT_E, 1, 0);
add_event_advance_ts(increasing_ts(), 1, PPME_SYSCALL_INOTIFY_INIT_E, 0);
evt = add_event_advance_ts(increasing_ts(), 1, PPME_SYSCALL_INOTIFY_INIT_X, 1, fd);
ASSERT_EQ(get_field_as_string(evt, "fd.type"), "inotify");
ASSERT_EQ(get_field_as_string(evt, "fd.typechar"), "i");
Expand Down Expand Up @@ -404,7 +404,7 @@ TEST_F(sinsp_with_test_input, inotify_init)
int64_t res = 15;
uint8_t flags = 79;

add_event_advance_ts(increasing_ts(), 1, PPME_SYSCALL_INOTIFY_INIT_E, 1, flags);
add_event_advance_ts(increasing_ts(), 1, PPME_SYSCALL_INOTIFY_INIT_E, 0);
evt = add_event_advance_ts(increasing_ts(), 1, PPME_SYSCALL_INOTIFY_INIT_X, 1, res);

ASSERT_EQ(get_field_as_string(evt, "fd.num"), std::to_string(res));
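Review bot: In the `inotify_init` test, `uint8_t flags = 79;` is still declared, but the enter event no longer passes it, so within this hunk the variable is unused. The test body continues outside the hunk; if nothing later reads `flags`, remove the declaration so the build does not pick up an unused-variable warning. Both tests now exercise only the zero-parameter form of `PPME_SYSCALL_INOTIFY_INIT_E`, while existing capture files hold this event with one `flags` parameter. If the test helper allows injecting that older form, a case that feeds it and still expects `fd.type` to be `inotify` on the exit event would pin down that replaying older captures keeps resolving the descriptor.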